Mitigate findings from within Eclipse
You can mitigate flaws, including approving and rejecting existing mitigations, from within Eclipse.
Before you begin:
- You must have the Mitigation API role.
- You have imported the Veracode scan results, which appear in the Results view in Eclipse.
From within your IDE, you can comment on a flaw and set the mitigation status as:
- Potential false positive
- Design
- OS environment
- Network environment
- Mitigate by design
You can also accept or reject a flaw already flagged as mitigated.
To complete this task:
-
In your IDE, select Veracode > View Results.
-
From the Results window, in the Flaw ID column, select the checkbox next to one or more flaws that you want to mitigate.
-
From the Actions dropdown menu, select a mitigation action and select Mitigate.
-
In the Flaw Mitigation Request window, enter your comments.
-
Select Continue.
-
If you see an access denied error message, check for these issues, resolve them, and try to mitigate again:
- There is a policy or sandbox scan in progress for the application.
- You are not working with the most recent scan results.
- You do not have the Mitigation API role.
- Another user has locked the flaw in the Veracode Platform.